InfoSec_Reference
An Information Security Reference That Doesn't Suck
Goal:
- Be an awesome Information Security Reference
- List of techniques, tools and tactics to learn from/reference.
- Rich resource of infosec knowledge for anyone to browse through as a jumping off point for various niches OR as a reference/recall method for stuff.
- Something like a "Yellow Pages" in the sense of you know something exists, but what was it called....
- 'If you give a man a fish, he is hungry again in an hour. If you teach him to catch a fish, you do him a good turn.'
- Always accepting more links/stuff. Feel free to make a pull request or a complaint through a pull request or filing a bug
- Why Do You Care?
- Don't have to constantly google for tools/reminder.
- Easily browsable list of tools, techniques, papers, and research in all sorts of areas.
- Want to read some good info.
- Why Do I Care?
- I do this as a resource to learn and help others, and offer it publicly as a way of giving back to the general community.
- To be clear, these aren't personal notes. I keep this repo maintained as a way of having pointers to information that I feel might help build someone's skillset or increase their understanding of attacks/methods/defenses.
- This is not meant to condone illegal or malicious activities.
- This page
- To see a better looking version on mobile: use https://rmusser.net/docs (horribly colored, but nicely formatted version).
- For latest content updates, check the git history.
- Want to contribute a link? Anything relevant that isn't already in or covered would be/is appreciated.
- If this resource has helped you in any way (and didn't increase your frustration), please consider making a donation to Doctors Without Borders or Amnesty International.
Index - Table of Contents
- Pre-ATT&CK
- ATT&CK Stuff
- Attacking & Securing Active Directory
- Anonymity/OpSec/Privacy
- Basic Security Information
- BIOS/UEFI/Firmware Attacks/Defense
- Building a Testing Lab
- Car hacking
- Career
- Cheat Sheets
- Cloud
- Conferences/Recordings
- Containers
- Courses & Training
- Cryptography & Encryption
- CTFs & Wargames
- Darknets
- Data Analysis & Visualization
- Defense
- Documentation & Reporting
- Embedded Device Security
- Exfiltration
- Exploit Development
- Forensics & Incident Response
- Fuzzing & Bug Hunting
- Game Hacking
- Honeypots
- Interesting Things & Useful Information
- Logging, Monitoring, & Threat Hunting
- Malware
- Network Attacks & Defense
- Network Security Monitoring & Logging
- Open Source Intelligence Gathering - OSINT
- Passwords
- Phishing
- Physical Security
- Privilege Escalation and Post-Exploitation
- AppSec/Programming Stuff
- Rants & Writeups
- Red Teaming/Penetration Testing Stuff
- REMATH Reverse Engineering
- Reverse Engineering
- Rootkits
- Social Engineering
- System Internals (Linux/Windows)
- Threat Modeling
- UI/UX Design
- Web
- Wireless Networks and RF Devices
- Notable Policy Docs
A Quote:
"As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master."
- Commissioner Pravin Lal, Peacekeeping Forces (Alpha Centauri, 1999)
Another Quote:
"Nowhere does Bokonon warn against a person’s trying to discover the limits of his karass and the nature of the work God Almighty has had it do. Bokonon simply observes that such investigations are bound to be incomplete. In the autobiographical section of The Books of Bokonon he writes a parable on the folly of pretending to discover, to understand: I once knew an Episcopalian lady in Newport, Rhode Island, who asked me to design and build a doghouse for her Great Dane. The lady claimed to understand God and His Ways of Working perfectly. She could not understand why anyone should be puzzled about what had been or about what was going to be. And yet, when I showed her a blueprint of the doghouse I proposed to build, she said to me, “I’m sorry, but I never could read one of those things.” “Give it to your husband or your minister to pass on to God,” I said, “and, when God finds a minute, I’m sure he’ll explain this doghouse of mine in a way that even you can understand.” She fired me. I shall never forget her. She believed that God liked people in sailboats much better than He liked people in motorboats. She could not bear to look at a worm. When she saw a worm, she screamed. She was a fool, and so am I, and so is anyone who thinks he sees what God is Doing, [writes Bokonon]."
- Cat's Cradle (The Books of Bokonon), Kurt Vonnegut